| side by side (parent:
5a03bef
)
libs/web: stricter validation in build_url(), prevents some XSS
author
Jo-Philipp Wich
<jow@openwrt.org>
Sat, 13 Nov 2010 13:50:54 +0000
(13:50 +0000)
committer
Jo-Philipp Wich
<jow@openwrt.org>
Sat, 13 Nov 2010 13:50:54 +0000
(13:50 +0000)
libs/web/luasrc/dispatcher.lua
diff --git
a/libs/web/luasrc/dispatcher.lua
b/libs/web/luasrc/dispatcher.lua
index 8d5c02e607297d8b175a3f8fda99ae7190d166b7..451476202d456cd8fd6ce8e6861af0c4e073317e 100644
(file)
--- a/
libs/web/luasrc/dispatcher.lua
+++ b/
libs/web/luasrc/dispatcher.lua
@@
-52,11
+52,25
@@
local fi
-- @return Relative URL
function build_url(...)
local path = {...}
-- @return Relative URL
function build_url(...)
local path = {...}
- local sn = http.getenv("SCRIPT_NAME") or ""
+ local url = { http.getenv("SCRIPT_NAME") or "" }
+
+ local k, v
for k, v in pairs(context.urltoken) do
for k, v in pairs(context.urltoken) do
- sn = sn .. "/;" .. k .. "=" .. http.urlencode(v)
+ url[#url+1] = "/;"
+ url[#url+1] = http.urlencode(k)
+ url[#url+1] = "="
+ url[#url+1] = http.urlencode(v)
end
end
- return sn .. ((#path > 0) and "/" .. table.concat(path, "/") or "")
+
+ local p
+ for _, p in ipairs(path) do
+ if p:match("^[a-zA-Z0-9_%-%./,;]+$") then
+ url[#url+1] = "/"
+ url[#url+1] = p
+ end
+ end
+
+ return table.concat(url, "")
end
--- Send a 404 error code and render the "error404" template if available.
end
--- Send a 404 error code and render the "error404" template if available.
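Review bot: A path segment that fails the whitelist in the `ipairs(path)` loop is silently skipped, so build_url() returns a URL for a different, shorter path instead of failing — a caller passing a dynamic segment that contains a space, a percent sign or non-ASCII text gets a link to the parent node with no error or log entry. Since the intent is output safety rather than rejection, I would emit such a segment percent-encoded instead of dropping it: `else url[#url+1] = "/"; url[#url+1] = http.urlencode(p) end`, reusing the same urlencode already applied to token keys and values a few lines above. Note that `.`, `/` and `;` stay in the allowed set, so segments such as `..` or `a/../b` pass through untouched; whether any caller can feed those here cannot be told from this hunk. Minor: the added `local k, v` and `local p` declarations are dead, because both `for` loops bind their own fresh locals, so they can be removed.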
@@
-181,7
+195,7
@@
function dispatch(request)
for i, s in ipairs(request) do
local tkey, tval
if t then
for i, s in ipairs(request) do
local tkey, tval
if t then
- tkey, tval = s:match(";(%w+)=(
.
*)")
+ tkey, tval = s:match(";(%w+)=(
[a-fA-F0-9]
*)")
end
if tkey then
end
if tkey then